1. Field
The present invention relates generally to security for a server application, and more particularly, to a technique to validate a request for the server application.
2. Description of the Related Art
The Internet is a set of computer networks that are joined together by components, such as gateways, to handle the transfer and conversion of messages from the protocol that is used by the sending network to the protocol used by the receiving network. The Internet carries information and is used to provide services. The information and services include, for example, without limitation, electronic mail, online chat services, file transfers, web pages, and other resources.
The Internet is commonly used as a source of information and entertainment. Further, the Internet is also used as a medium for business activities. Many businesses, government entities, and other organizations have a presence on the Internet using websites to perform various transactions.
Organizations may offer goods and services. These goods and services may involve a sale of goods that are to be shipped to a customer. The goods also may be software and/or data purchased by a customer and transferred over the Internet to the customer.
In performing transactions and looking for information, customers and other users utilize programs, such as browsers, to interact with websites. For example, a user at a computer may enter information into a form on a webpage displayed by the browser on the computer. The user may then submit the information to an application. This application is a server application and, more specifically, may be referred to as a web server application.
With the transfer of information from users to server applications, security is a concern. One concern is the confidentiality of information being transferred from the browser to the server application. Encryption and other mechanisms are currently used to provide this type of security.
An example of another type of security concern is vulnerabilities of the web server application. Vulnerabilities of web server applications are a large class of vulnerabilities that occur on a regular basis. Many of the vulnerabilities in web server applications result from an improper validation of data sent to the web server applications.
For example, currently available web server applications often do not perform validation of data passed to them by a client. The data may not be of the correct type and length. When these situations occur, the server application attempts to handle the data even though the data is of the wrong type or length. As a result, vulnerabilities may occur.
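The type and length check whose absence is described above, shown as an added Python example; it is not part of the original document and is not the technique the invention claims. The form fields, their limits, and the names `ORDER_FORM`, `validate_form` and `ValidationError` are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Hypothetical specification for one form: name -> (type, min_len, max_len).
# Field names and limits are constructed for this example.
ORDER_FORM = {
    "email":    (str, 3, 254),
    "quantity": (int, 1, 3),    # one to three decimal digits
    "zip":      (str, 5, 10),
}

class ValidationError(ValueError):
    """Raised when a submitted form does not match its specification."""

def validate_form(body: str, spec: dict, max_body: int = 4096) -> dict:
    """Parse a urlencoded form body and enforce type and length per field."""
    if len(body) > max_body:
        raise ValidationError("body too long")
    try:
        fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    except ValueError as exc:
        raise ValidationError(f"malformed body: {exc}") from exc
    unknown = set(fields) - set(spec)
    if unknown:
        raise ValidationError(f"unexpected fields: {sorted(unknown)}")
    clean = {}
    for name, (ftype, min_len, max_len) in spec.items():
        values = fields.get(name)
        if values is None:
            raise ValidationError(f"missing field: {name}")
        if len(values) != 1:
            # A repeated parameter is ambiguous; reject rather than pick one.
            raise ValidationError(f"repeated field: {name}")
        raw = values[0]
        if not min_len <= len(raw) <= max_len:
            raise ValidationError(f"bad length for {name}")
        if ftype is int:
            # str.isdigit() also accepts non-ASCII digits, so require ASCII.
            if not (raw.isascii() and raw.isdigit()):
                raise ValidationError(f"bad type for {name}")
            clean[name] = int(raw)
        else:
            clean[name] = raw
    return clean
```

The handler receives only the returned dictionary, so data of the wrong type or length never reaches application logic.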